The employee I need to consider suspending is a doctor – do I have to follow MHPS

Safeguarding issues are relatively uncommon, however, if they do occur, the normal safeguarding procedure of the organisation should be followed.

• It is important to have a clear paper trail for any agreed reduction in salary, and hence any reduction in the amount of contributions. However, the contribution rates (as opposed to the amounts) should be the same as normal, and hence all processes and software should function as per normal and, amongst other things, remain compliant with auto-enrolment employer duties.
• However, if the period of affected contributions does not overlap precisely with the period of reduced salary, for example because of different cut-off dates, there may well be instances of non-compliance with auto-enrolment employer duties at the beginning as well as at the end of the period covered by the Coronavirus Job Retention Scheme.
• Accordingly, where an employer takes advantage of the Coronavirus Job Retention Scheme, good communication with the persons responsible for pensions administration and detailed record-keeping are essential to prevent non-compliances in the short-term and confusion in the long term.

The coronavirus outbreak has seen State support being given to businesses on an unprecedented scale.

This issue is likely to be increasingly relevant as Governments seek to protect and stimulate their economies as they emerge from lockdown.

How have the rules been relaxed in the context of the crisis and what facets of the existing law can be used for the State to provide support to undertakings?

All organisations have underperformers. Capability is a potentially fair reason to dismiss and is separate to any redundancy procedures.

Generally, capability falls into either absences through illness or underperformance in the role. Those who are absent through sickness can be furloughed, but when furlough comes to an end they will need to go back onto sickness. If you are looking to tackle absence then you need to tackle long term and short term absence in a different way.

Long term absence: You need to establish whether the employee is able to return to work (with or without reasonable adjustments) in the medium term. This requires medical opinion and be careful of disability issues. Reasonable adjustments are likely to be important.

Short term absence: You will need to demonstrate that you have fair absence triggers in place and there is normally be a 3 stage procedure: warning and final warning followed by dismissal on notice. Each stage needs a fair procedure, with written information, a fair hearing and the opportunity to appeal. Be careful of disability issues.

As for underperformance: To tackle this, you will need to have clear SMART objectives in place and evidence of the employee failing to meet these. There would then normally be a 3 stage procedure: warning and final warning followed by dismissal on notice. Each stage needs a fair procedure, with written information, a fair hearing and the opportunity to appeal.

With the loss of face-to-face meetings in the current situation, video conferencing has taken centre stage. But how do you do that in a compliant way? Here are some of the main high-level data protection issues to consider when selecting and implementing a new third party provider’s video conferencing system.

1. Make sure you do your due diligence on the security measures offered by the provider. Clearly you can’t visit them, so look at the information offered publicly by the provider and read good quality, reliable, third party sources and ask the provider questions directly. Also ask any other organisations you know that use the provider. Document all this.
2. If personal information is being sent outside of the UK/European Economic Area, make sure that transfer complies with GDPR. If it’s a US provider, is it registered in the EU-US Privacy Shield list or does it offer a model clause contract (you’re likely to need the 2010 version)? Or is the service provided from a country whose data protection laws offer equivalent protection to those in Europe? Look at the support service as well as the hosting. Document this.
3. Make sure you put a compliant processor agreement in place. The provider should offer one as part of the contract terms. Check it meets GDPR requirements.
4. You’re likely to need to update your privacy notice, particularly if you’re going to record calls. Provide participants with a short message and link to the privacy notice in the meeting invite and on any registration page.
5. Create or update other GDPR-mandated documentation – for example, depending on your use, you may need a legitimate interests assessment and to update your record of processing.
6. Finally, configure and use the system in a secure and compliant way. Look at the settings/options carefully and think through the security and compliance implications of each. That could include deciding who in the meeting can share their screen; whether or not you use passwords for participants; whether or not to record, and if you’re going to record, where to store the recording. Document your decisions and the reasons for them.

The ICO has said it understands that resources, whether they are finances or people, might be diverted away from usual compliance work during the pandemic. However the last thing you need at the moment is to create a bigger problem than the one you are trying to solve. So do the best you can, ask for help from one of our specialists if you need it, and keep the whole thing under review.

On 16 April 2020, Ian Hulme, the ICO’s Director of Assurance, posted a blog for business owners, employers and managers about how to safely roll out the latest video conferencing technology.

On 21 April 2020, the NCSC published security guidance for organisations on choosing, configuring and deploying video conferencing services.